Dennis Carr wrote:
> I'm running postfix 2.5.5-1.1 (Debian Stable) on my desktop, which I
> use to deliver mail to the internet via my server. Under optimal
> circumstances, I'd just have an IP address assigned to the box that's
> on the public network, but I'm on a single dynamic IP assigned by
> Comcast that may or may not change at the drop of a hat.
>
> Currently, the method of delivery to my server is by way of an ssh
> tunnel to my server (deliver on localhost 2525 to get to the server),
> but the problem lies herein of security - if I do this, I tend to get
> rooted.
>
> So here's the question: is there either...
>
> 1) A better way to do this, using already existing mechanisms in
> Postfix, or...
>
> 2) a way to tell Postfix to turn on the ssh tunnel for the period
> required to deliver mail on delivery to the daemon, and then flush the
> queue, at which point the tunnel is closed?
>

You can still use ssh with a dedicated account and with "forced" commands. If you want to use postfix-only, then STARTTLS and either SASL or a client certificate should do, ideally on a port other than 25 (587 is the standard submission port).
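
The Postfix-only option from the reply above (STARTTLS plus SASL to port 587), written out as a client-side configuration. This is an added example, not part of the original thread; the host name `mail.example.com`, the account name `desktop-relay` and the password map path are assumptions.

```conf
# /etc/postfix/main.cf on the desktop (the sending client)

# Hand all outbound mail to the server's submission port.
# The brackets suppress the MX lookup for the host name.
relayhost = [mail.example.com]:587

# Require STARTTLS: if the server does not offer it, mail is deferred
# instead of being sent (with the password) in clear text.
# "encrypt" only enforces encryption; the "verify" and "secure" levels
# additionally check the server certificate against trusted CAs.
smtp_tls_security_level = encrypt

# Authenticate to the server with SASL over the TLS session.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Refuse anonymous mechanisms; plaintext mechanisms are acceptable
# here only because TLS is mandatory above.
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

# /etc/postfix/sasl_passwd (assumed path; owner root, mode 0600).
# The lookup key must match the relayhost value exactly.
# After editing, rebuild the map with: postmap /etc/postfix/sasl_passwd
#
# [mail.example.com]:587    desktop-relay:PASSWORD-PLACEHOLDER
```

Because the client authenticates by credential rather than by source address, the setup keeps working when the dynamic IP changes, and it needs no shell account on the server.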